Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE Request for Drupal Contributed Modules
From: Kurt Seifried <kseifried () redhat com>
Date: Sun, 07 Oct 2012 00:15:51 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/04/2012 12:15 PM, Joshua Brauer wrote:

This is a batch CVE request for several already published/resolved
issues with contributed modules for the Drupal project.

Assigned most, need clarification on several issues. Top posting for
ease of use. Please see below for questions.

+CVE-2012-4482 Drupal SA-CONTRIB-2012-112 - Ubercart SecureTrading -
Failure to follow guideline/specification
+CVE-2012-4483 Drupal SA-CONTRIB-2012-113 - Drupal Commons - Access Bypass
+CVE-2012-4484 Drupal SA-CONTRIB-2012-114 - Campaign Monitor - Cross
Site Scripting (XSS)
+CVE-2012-4485 Drupal SA-CONTRIB-2012-115 - Gallery formatter - Cross
Site Scripting (XSS)
+CVE-2012-4486 Drupal SA-CONTRIB-2012-116 - Subuser - Cross Site
Request Forgery (CSRF)
+CVE-2012-4487 Drupal SA-CONTRIB-2012-116 - Subuser - Access Bypass
+CVE-2012-4488 Drupal SA-CONTRIB-2012-117 - Location - Access Bypass
+CVE-2012-4489 Drupal SA-CONTRIB-2012-118 - Secure Login - Open Redirect
+CVE-2012-4490 Drupal SA-CONTRIB-2012-119 - Excluded Users - Cross
Site Scripting (XSS)
+CVE-2012-4491 Drupal SA-CONTRIB-2012-120 - Monthly Archive by Node
Type - Access Bypass
+CVE-2012-4492 Drupal SA-CONTRIB-2012-121 - Shorten URLs - Cross Site
Scripting (XSS)
+CVE-2012-4493 Drupal SA-CONTRIB-2012-122 - Better Revisions - Cross
Site Scripting (XSS)
+CVE-2012-4494 Drupal SA-CONTRIB-2012-123 - Shibboleth authentication
- - Access Bypass
+CVE-2012-4495 Drupal SA-CONTRIB-2012-124 - Mime Mail - Access Bypass
+CVE-2012-4496 Drupal SA-CONTRIB-2012-127 - Custom Publishing Options
- - Cross Site Scripting (XSS) Vulnerability
+CVE-2012-4497 Drupal SA-CONTRIB-2012-128 - Elegant Theme - Cross Site
Scripting (XSS)
+CVE-2012-4498 Drupal SA-CONTRIB-2012-129 - Activism - Access Bypass
+CVE-2012-4499 Drupal SA-CONTRIB-2012-131 - Email Field - Access Bypass
+CVE-2012-4500 Drupal SA-CONTRIB-2012-132 - Announcements - Access Bypass

http://drupal.org/node/1679820 | SA-CONTRIB-2012-112 - Ubercart
SecureTrading - Failure to follow guideline/specification 
http://drupal.org/node/1679888 | SA-CONTRIB-2012-113 - Drupal
Commons - Access Bypass http://drupal.org/node/1691446 |
SA-CONTRIB-2012-114 - Campaign Monitor - Cross Site Scripting
(XSS) http://drupal.org/node/1700578 | SA-CONTRIB-2012-115 -
Gallery formatter - Cross Site Scripting (XSS)


Multiple Vulnerabilities: http://drupal.org/node/1700584 |
SA-CONTRIB-2012-116 - Subuser - Cross Site Request Forgery (CSRF) 
http://drupal.org/node/1700584 | SA-CONTRIB-2012-116 - Subuser -
Access Bypass

http://drupal.org/node/1700588 | SA-CONTRIB-2012-117 - Location -
Access Bypass http://drupal.org/node/1700594 | SA-CONTRIB-2012-118
- Secure Login - Open Redirect http://drupal.org/node/1708058 |
SA-CONTRIB-2012-119 - Excluded Users - Cross Site Scripting (XSS) 
http://drupal.org/node/1708198 | SA-CONTRIB-2012-120 - Monthly
Archive by Node Type - Access Bypass http://drupal.org/node/1719392
| SA-CONTRIB-2012-121 - Shorten URLs - Cross Site Scripting (XSS) 
http://drupal.org/node/1719402 | SA-CONTRIB-2012-122 - Better
Revisions - Cross Site Scripting (XSS) 
http://drupal.org/node/1719462 | SA-CONTRIB-2012-123 - Shibboleth
authentication - Access Bypass http://drupal.org/node/1719482 |
SA-CONTRIB-2012-124 - Mime Mail - Access Bypass



Multiple Vulnerabilities: http://drupal.org/node/1719548 |
SA-CONTRIB-2012-125 - Chaos tool suite (ctools) - Local File
Inclusion http://drupal.org/node/1719548 | SA-CONTRIB-2012-125 -
Chaos tool suite (ctools) - Cross Site Scripting (XSS)

This sounds like a single issue with two possible outcomes?

The module doesn't sufficiently validate css import statements to
confirm they only include css content appropriate to show to end
users. This could allow a malicious user to add sensitive content from
the site (e.g. settings.php) exposing that sensitive content to
visitors of the page. It could also be used to execute a Cross Site
Scripting attack.

Links to the code commits fixing this would be helpful.

http://drupal.org/node/1732946 | SA-CONTRIB-2012-126 - Hotblocks -
Cross Site Scripting (XSS) and Denial of Service (DoS)

This is a multiple CVE issue?

http://drupal.org/node/1732980 | SA-CONTRIB-2012-127 - Custom
Publishing Options - Cross Site Scripting (XSS) Vulnerability 
http://drupal.org/node/1733056 | SA-CONTRIB-2012-128 - Elegant
Theme - Cross Site Scripting (XSS) http://drupal.org/node/1762160 |
SA-CONTRIB-2012-129 - Activism - Access Bypass



Multiple Vulnerabilities: http://drupal.org/node/1762220 |
SA-CONTRIB-2012-130 - Jstool - Access Bypass 
http://drupal.org/node/1762220 | SA-CONTRIB-2012-130 - Jstool -
Arbitrary code inclusion

The description/vulns don't seem to match up on this one. Can you clarify?

The module does not protect its menu paths, which contain sensitive
information about all javascript files on the site and their contents.
The module does not validate filenames which can lead to potential
read/write access to arbitrary files on the server.

Links to the code commits fixing this would be helpful.

http://drupal.org/node/1762470 | SA-CONTRIB-2012-131 - Email Field
- Access Bypass http://drupal.org/node/1762480 |
SA-CONTRIB-2012-132 - Announcements - Access Bypass


http://drupal.org/node/1762482 | SA-CONTRIB-2012-133 - Taxonomy
Image - Cross Site Scripting (XSS) & Arbitrary PHP code execution
So this is the same root issue, not filtering file uploads allowing an
attacker to upload arbitrary stuff (including PHP code), the outcome
of which could be PHP code execution, or XSS (or other things I
suppose like DoS, CSRF, etc.)?


Thanks, Josh - on behalf of the Drupal security team.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBAgAGBQJQcR4XAAoJEBYNRVNeJnmTDe0P/iCLTgHkCF0Q5fg+6CW8c/uz
6PJBxD36OEitOC2wHMGEE7t3E95Nl/DfcKteUgByLUp7SJSAttGsVTLkeSIjFt3L
nk0XFEbdGmrsBRs7WnmyiCQKMXL2TEOOXDoXpyB1VNshLIt02KIPOPgtx6/2iobI
bmy51ycb0nn7+ENYYJ8VPG/QWq7vbXEzjVi/4gsZKmyu5zLyRnF0qwi90IIoh1zO
o3NH3lLLkVU+TMRLd7oSvaoNjIgg9mcSaOon0H7bwdUmdT1PyJXL1aDq3teDI9+5
DhBoFyAy4m26FaxURryl4tbEbN1yKbC88MNxt/JTvrnvxNLAjAX+az1/CDnb02US
luDNG30vuolI6zYqfOl1FZRIOtgZEBgJ41oTB6v/WQs0dKgiiZeSyxNMVWhlAmTc
0enbfC3rtzHU7N6HNdmuRhzrS9nInpNAJJr2Da0yPbDrP5WdCpSrmmi5zckpciAo
OsqXefGKZqMOqvYEXAkbssAS/ACkv8WB++9jySPRc+ktK85t+mrwziuYIv9qGFTH
u+CmX8y208Tlk3g8ptFY6DB2YFaAsiq7kRQaTf56VwhJvTpUZHYfR4DxMHVqToCi
yX+55GRnIOngQwvOSbu6zIQ8Bpqd6iJHvKkUq4WM5r2XSPjRn5Uj3QyfKV/eHx4A
SLMDKmKG4YtdCRTrFpob
=gXGG
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault